GuardION: Practical mitigation of DMA-based rowhammer attacks on ARM

Victor van der Veen; Martina Lindorfer; Yanick Fratantonio; Harikrishnan Padmanabha Pillai; Giovanni Vigna; Christopher Kruegel; Herbert Bos; Kaveh Razavi

doi:10.1007/978-3-319-93411-2_5

GuardION: Practical mitigation of DMA-based rowhammer attacks on ARM

Victor van der Veen^*, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, Kaveh Razavi

^*Corresponding author for this work

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

471 Downloads (Pure)

Abstract

Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector. Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability. Since hardware-level mitigations cannot be backported, a search for software defenses is pressing. Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses. To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks—the main attack vector on mobile devices—by isolating DMA buffers with guard rows. We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average). We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.

Original language	English
Title of host publication	Detection of Intrusions and Malware, and Vulnerability Assessment - 15th International Conference, DIMVA 2018, Proceedings
Subtitle of host publication	15th International Conference, DIMVA 2018 Saclay, France, June 28–29, 2018 Proceedings
Publisher	Springer/Verlag
Pages	92-113
Number of pages	22
ISBN (Electronic)	9783319934112
ISBN (Print)	9783319934105
DOIs	https://doi.org/10.1007/978-3-319-93411-2_5
Publication status	Published - 2018
Event	15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2018 - Saclay, France Duration: 28 Jun 2018 → 29 Jun 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10885 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2018
Country/Territory	France
City	Saclay
Period	28/06/18 → 29/06/18

Funding

This work was supported by the Netherlands Organisation for Scientific Research through grants NWO CSI-DHS 628.001.021, by the European Commission through project H2020 ICT-32-2014 “SHARCS” under Grant Agreement No. 644571, the NSF under Award No. CNS-1408632, the ONR under Award No. N00014-17-1-2897, DARPA under agreement number FA8750-15-2-0084, and a Security, Privacy and Anti-Abuse award from Google. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views, position, official policies, or endorsements, either expressed or implied, of the U.S. Government, DARPA, ONR, NSF, or Google.

Funders	Funder number
National Science Foundation	1408632
European Commission	644571, H2020 ICT-32-2014
Nederlandse Organisatie voor Wetenschappelijk Onderzoek	CSI-DHS 628.001.021

Access to Document

10.1007/978-3-319-93411-2_5

Veen2018_Chapter_GuardIONPracticalMitigationOfDFinal published version, 631 KBLicence: Article 25fa Dutch Copyright Act

Persistent URL (handle)

Persistent link

Cite this

van der Veen, V., Lindorfer, M., Fratantonio, Y., Padmanabha Pillai, H., Vigna, G., Kruegel, C., Bos, H., & Razavi, K. (2018). GuardION: Practical mitigation of DMA-based rowhammer attacks on ARM. In Detection of Intrusions and Malware, and Vulnerability Assessment - 15th International Conference, DIMVA 2018, Proceedings: 15th International Conference, DIMVA 2018 Saclay, France, June 28–29, 2018 Proceedings (pp. 92-113). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10885 LNCS). Springer/Verlag. https://doi.org/10.1007/978-3-319-93411-2_5

van der Veen, Victor ; Lindorfer, Martina ; Fratantonio, Yanick et al. / GuardION : Practical mitigation of DMA-based rowhammer attacks on ARM. Detection of Intrusions and Malware, and Vulnerability Assessment - 15th International Conference, DIMVA 2018, Proceedings: 15th International Conference, DIMVA 2018 Saclay, France, June 28–29, 2018 Proceedings. Springer/Verlag, 2018. pp. 92-113 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{112a5465aeb540fd98ff6f3b7c976676,

title = "GuardION: Practical mitigation of DMA-based rowhammer attacks on ARM",

abstract = "Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector. Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability. Since hardware-level mitigations cannot be backported, a search for software defenses is pressing. Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses. To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks—the main attack vector on mobile devices—by isolating DMA buffers with guard rows. We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average). We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.",

author = "{van der Veen}, Victor and Martina Lindorfer and Yanick Fratantonio and {Padmanabha Pillai}, Harikrishnan and Giovanni Vigna and Christopher Kruegel and Herbert Bos and Kaveh Razavi",

year = "2018",

doi = "10.1007/978-3-319-93411-2_5",

language = "English",

isbn = "9783319934105",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer/Verlag",

pages = "92--113",

booktitle = "Detection of Intrusions and Malware, and Vulnerability Assessment - 15th International Conference, DIMVA 2018, Proceedings",

note = "15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2018 ; Conference date: 28-06-2018 Through 29-06-2018",

}

van der Veen, V, Lindorfer, M, Fratantonio, Y, Padmanabha Pillai, H, Vigna, G, Kruegel, C, Bos, H & Razavi, K 2018, GuardION: Practical mitigation of DMA-based rowhammer attacks on ARM. in Detection of Intrusions and Malware, and Vulnerability Assessment - 15th International Conference, DIMVA 2018, Proceedings: 15th International Conference, DIMVA 2018 Saclay, France, June 28–29, 2018 Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10885 LNCS, Springer/Verlag, pp. 92-113, 15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2018, Saclay, France, 28/06/18. https://doi.org/10.1007/978-3-319-93411-2_5

GuardION: Practical mitigation of DMA-based rowhammer attacks on ARM. / van der Veen, Victor; Lindorfer, Martina; Fratantonio, Yanick et al.
Detection of Intrusions and Malware, and Vulnerability Assessment - 15th International Conference, DIMVA 2018, Proceedings: 15th International Conference, DIMVA 2018 Saclay, France, June 28–29, 2018 Proceedings. Springer/Verlag, 2018. p. 92-113 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10885 LNCS).

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - GuardION

T2 - 15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2018

AU - van der Veen, Victor

AU - Lindorfer, Martina

AU - Fratantonio, Yanick

AU - Padmanabha Pillai, Harikrishnan

AU - Vigna, Giovanni

AU - Kruegel, Christopher

AU - Bos, Herbert

AU - Razavi, Kaveh

PY - 2018

Y1 - 2018

N2 - Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector. Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability. Since hardware-level mitigations cannot be backported, a search for software defenses is pressing. Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses. To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks—the main attack vector on mobile devices—by isolating DMA buffers with guard rows. We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average). We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.

AB - Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector. Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability. Since hardware-level mitigations cannot be backported, a search for software defenses is pressing. Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses. To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks—the main attack vector on mobile devices—by isolating DMA buffers with guard rows. We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average). We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.

UR - http://www.scopus.com/inward/record.url?scp=85049324896&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85049324896&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-93411-2_5

DO - 10.1007/978-3-319-93411-2_5

M3 - Conference contribution

AN - SCOPUS:85049324896

SN - 9783319934105

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 92

EP - 113

BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 15th International Conference, DIMVA 2018, Proceedings

PB - Springer/Verlag

Y2 - 28 June 2018 through 29 June 2018

ER -

van der Veen V, Lindorfer M, Fratantonio Y, Padmanabha Pillai H, Vigna G, Kruegel C et al. GuardION: Practical mitigation of DMA-based rowhammer attacks on ARM. In Detection of Intrusions and Malware, and Vulnerability Assessment - 15th International Conference, DIMVA 2018, Proceedings: 15th International Conference, DIMVA 2018 Saclay, France, June 28–29, 2018 Proceedings. Springer/Verlag. 2018. p. 92-113. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). Epub 2018 Jun 8. doi: 10.1007/978-3-319-93411-2_5

GuardION: Practical mitigation of DMA-based rowhammer attacks on ARM

Abstract

Publication series

Conference

Funding

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this